I fully agree. Thank you Ben!
On 4/6/21, 21:43, "Benjamin Kaduk" wrote:
Hi Yaron,
Thanks for the (multiple!) reviews.
My understanding is that the intention is not to allow "server_name" in all
CertificateRequests but only specifically in the ClientCertificateRequest
Hi Yaron,
Thanks for the (multiple!) reviews.
My understanding is that the intention is not to allow "server_name" in all
CertificateRequests but only specifically in the ClientCertificateRequest
case. I think it can be helpful to notate that with a "CR" in the "TLS
1.3" column of the registry
Reviewer: Yaron Sheffer
Review result: Has Issues
After a bit of back and forth over my *two* previous SecDir requests, I'm
afraid that my original comment has not yet been fully addressed. The IANA
considerations section (Sec. 8.1) adds server_name as a possible extension for
CertificateRequest.